Method and apparatus for controlling the admission of data into a network element

ABSTRACT

A method and apparatus for controlling the admission of data packets into a network element is described. In an embodiment, a method for controlling admittance of a data packet into a memory buffer includes performing, prior to queuing the data packet for routing by a processor, the following: (1) receiving a data packet from one of at least two different ports, (2) determining a priority value within the data packet, and (3) determining an admittance group identifier for the data packet based on the priority value and the port the data packet was received. The method also comprises queuing the data packet from the memory buffer to one of a number of queues for routing by the processor upon determining that a number of data packets stored the memory buffer and having the admittance group identifier is not greater than a threshold value.

FIELD OF THE INVENTION

The invention relates to the field of communications. More specifically,the invention relates to controlling the admission of data into anetwork element.

BACKGROUND OF THE INVENTION

Within the field of communications, the need for high-speed transmissionof data has continued to increase, as customers continue to need morebandwidth to satisfy the growing needs. Moreover, in addition to thedemand for higher bandwidth, there has also been an increased need forvarious types of services that employ different protocols. For example,certain customers (e.g., companies providing voice services) ofhigh-speed networks want to operate on a Time Division Multiplexing(TDM) Network, which combines different data streams, such as voicetraffic, such that each data stream is assigned a time slot within thecombined data stream. Moreover, other customers of high-speed networksmay desire to transport data employing packet-based data streams, whichdo not have dedicated timeslots to given packets. Examples of the typesof packets that can be placed into such data streams can includeAsynchronous Transfer Mode (ATM), Internet Protocol (IP), Frame Relay,voice over IP and Point-to-Point Protocol (PPP), Multi-Protocol LabelSwitching (MPLS) or Ethernet.

Additionally, Quality of Service (QoS) requirements are now beingemployed to determine which data packets have higher priority for use ofthe data bandwidth within a network. In particular, QoS values arepriority values attached to the packets of data being transmitted acrossthe network. Accordingly, in the event that data packets must bedropped, due for example to network congestion, those data packetshaving a lower QoS value are dropped before data packets having a higherQoS value. For example, data traffic related to a business lettergenerated by a word processing application could have a higher prioritythan data traffic related to general Internet web browsing. Further,certain customers could pay to have their data traffic upgraded to ahigher priority.

Disadvantageously in current systems, even though lower priority datatraffic is eventually dropped during times of network congestion, suchtraffic still consumes network resources, such as memory and processors,in order to categorize and prioritize the data traffic being receivedwithin a given network element. For example, in a typical system, anetwork element would attempt to receive and buffer all of the datapackets into memory, perform full classification of the received packetsand then drop those packets of lowest priority.

One problem with this type of system is that it may be subject tonetwork attacks, which involves the transmitting of a large number ofpackets to the targeted network elements, thereby “bogging” the systemas attempts are made to receive, buffer and classify all of the datapackets. While under a network attack, the network element may not haveenough memory space to buffer all of these “attack” packets, therebyresulting in the loss of packets (including valid packets that are notrelated to the network attack). Moreover even absent a network attack,in such systems the higher priority data traffic are subject to beinglost if the lower priority data traffic consumes the network resources,such as the memory buffer space, as data packets are dropped when thememory buffer space is exceeded.

SUMMARY OF THE INVENTION

A method and apparatus for controlling the admission of data packetsinto a network element is described. In an embodiment, a method forcontrolling admittance of a data packet into a memory buffer includesperforming, prior to queuing the data packet for routing by a processor,the following: (1) receiving a data packet from one of at least twodifferent ports, (2) determining a priority value within the datapacket, and (3) determining an admittance group identifier for the datapacket based on the priority value and the port the data packet wasreceived. The method also comprises queuing the data packet from thememory buffer to one of a number of queues for routing by the processorupon determining that a number of data packets stored in the memorybuffer and having the admittance group identifier is not greater than athreshold value.

In one embodiment, an apparatus comprises preclassification circuitrycoupled to receive a number of data packets from a number of ports. Thepreclassification circuitry is to determine a priority value for each ofthe number of data packets. The apparatus also includes controlcircuitry coupled to the preclassification circuitry. Additionally, theapparatus comprises a memory buffer coupled to the control circuitry.The apparatus includes a number of queues coupled to a number ofprocessors, wherein the control circuitry is to queue a data packet ofthe number of data packets into the number of queues from the memorybuffer upon determining that a number of the data packets stored in thememory buffer, which are received on the port that the that the datapacket is received and have a priority value that equals the priorityvalue of the data packet, has not exceeded a threshold value.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention may be best understood by referring to thefollowing description and accompanying drawings which illustrate suchembodiments. The numbering scheme for the Figures included herein aresuch that the leading number for a given element in a Figure isassociated with the number of the Figure. For example, system 100 can belocated in FIG. 1. However, element numbers are the same for thoseelements that are the same across different Figures.

In the drawings:

FIG. 1 is block diagram illustrating a system that incorporatesembodiments of the present invention;

FIG. 2 illustrates portions of in-ring network elements 102-108,according to embodiments of the present invention;

FIG. 3 illustrates a block diagram of packet processing circuitry 212a-d/214 a-d (hereinafter “packet processing circuitry 212”), accordingto embodiments of the present invention.

FIG. 4 illustrates a flow diagram of controlling admission of datapackets into a network element, according to embodiments of the presentinvention.

FIG. 5 illustrates a flow diagram for determining the priority value fora data packet, according to embodiments of the present invention.

FIG. 6 illustrates the processing of bytes of a number of data packetsby a number of instruction streams, according to embodiments of thepresent invention.

FIG. 7 illustrates an instruction with an instruction stream to beapplied to portions of a data packet, according to embodiments of thepresent invention.

DETAILED DESCRIPTION

A method and apparatus for controlling the admission of data packetsinto a network element are described. In the following description, forpurposes of explanation, numerous specific details are set forth inorder to provide a thorough understanding of the present invention. Itwill be evident, however, to one skilled in the art that the presentinvention may be practiced without these specific details.

System Description

FIG. 1 is block diagram illustrating a system that incorporatesembodiments of the present invention. In particular, FIG. 1 illustratessystem 100 that includes network ring 114, which is comprised of in-ringnetwork element 102, in-ring network element 104, in-ring networkelement 106 and in-ring network element 108. System 100 also includenon-ring network element 110, non-ring element 111 and non-ring networkelement 112, which are coupled to network ring 114 through in-ringnetwork element 102, in-ring network element 104 and in-ring networkelement 106, respectively. In an embodiment, network elements 102-112can be routers, switches, bridges or other types of network element thatprocess data.

In one embodiment, the connection among in-ring network element 102,in-ring network element 104, in-ring network element 106 and in-ringnetwork element 108 allow for bi-directional traffic. Accordingly, thisbi-directional capability allows for redundancy in the communicationbetween the different network elements, such that if a given line ofcommunication is lost, the data traffic to be transmitted thereon can bererouted in the opposite direction to reach its intended destinationwithin the ring architecture.

In an embodiment, system 100 transmits data traffic among the differentnetwork elements, both in-ring and non-ring, employing the SynchronousOptical Network (SONET) standard or Synchronous Digital Hierarchy (SDH).However, embodiments of the present invention are not so limited, asdata traffic among the different network elements can be transferredusing other types of transmission standards. Examples of other types oftransmission standards can include, but are not limited to, T1, T3, DataSignal (DS)3 and DS1 signals. In one embodiment, data traffic amongin-ring network element 102, in-ring network element 104, in-ringnetwork element 106 and in-ring network element 108 includes TDM trafficand packet traffic within a same Time Division Multiplexing (TDM)signal. In an embodiment, the SONET/SDH standard is employed for in-ringcommunications, while a DS3 and/or DS1 standard is employed for non-ringcommunications.

In this ring network, network elements are used that can transmit andreceive TDM ring traffic. In addition, at least certain of the networkelements provide two different switching techniques—TDM and packet. Thepacket switching provided can support any number of protocols includinglayer 2 and layer 3 type protocols such as ATM, Ethernet, Frame Relay,IP and MPLS, etc. In addition to typical operations of a TDM networkelement, the network elements are implemented to be able to programmablyselect on a TDM-timeslot basis certain of the incoming TDM traffic to beextracted and packet switched rather than TDM switched. Regardless ofwhich switching technique is used, the switched traffic going back ontothe ring is put in TDM format and transmitted out. However, each timetraffic is packet switched, that traffic can be statisticallymultiplexed. A further description of the operation of system 100 andthe network elements therein is described in more detail below.

The architecture and configuration of system 100 is by way of exampleand not by way of limitation, as embodiments of the present inventioncan be incorporated in other types of systems. For example, other suchsystems could incorporate less or more network elements into the networkring and/or network elements attached thereto. Moreover, embodiments ofthe present invention are not limited to the network ring architectureas illustrated in FIG. 1. Examples of other types of networkarchitectures that can incorporate embodiments of the present inventioninclude, but are not limited to, a point-to-point configuration,point-to-multipoint configuration, a hub configuration and/or differenttypes of mesh topologies. In addition, embodiments of the presentinvention are not limited to TDM networks, but also applies to WaveDivision Multiplexing (WDM) networks.

Network Element Description

FIG. 2 illustrates portions of in-ring network elements 102-108 (forpurposes of FIG. 2, hereinafter “network element 102”), according toembodiments of the present invention. As shown, network element 102includes line cards 202 a-d and control card(s) 220, such that controlcard(s) 220 are coupled to each of line cards 202 a-d. The number ofline cards illustrated are for the sake of simplicity and not by way oflimitation, as a lesser or greater number of line cards can be includedwithin network element 102. Additionally, network element 102 includes afirst switch fabric, packet mesh 226, which includes a full mesh suchthat each of line cards 202 a-d are coupled to one another. For example,line card 202 a is coupled to line cards 202 b-d through packet mesh226. However, embodiments of the present invention are not limited to afull mesh for the transmission of packets among line cards 202 a-d, asany type of switching method that switches based on the addressingscheme described herein can be incorporated into embodiments of thepresent invention. For example, in one embodiment, line cards 202 a-dcould be coupled together using a switch fabric, such that the linecards are coupled to a packet switch card, which provides for theswitching therein.

Line cards 202 a-d include physical connection circuitry 210 a-d,ingress packet processing circuitry 212 a-d and egress packet processing214 a-d, respectively. Physical connection circuitry 210 a-d can becoupled to lines external to network element 102, as shown, which cancarry optical and/or electrical signals, which is described in moredetail below in conjunction with FIG. 7. In one embodiment, line cards202 a-d of network element 102 may be connected to an optical linetransmitting SONET OC-N signals. Moreover, in an embodiment, line cards202 a-d of network element 102 may be connected to an electrical linesuch as a T1, T3, E1, E3, Ethernet, Gigabit Ethernet, etc. However,embodiments of the present invention are not limited to theabove-described examples, as any other type of optical or electricaldata transmission can be incorporated into embodiments of the presentinvention. Additionally, control cards(s) 220 include TDM switchingcircuitry 216. This is by way of example and not by way of limitation,as TDM switching circuitry 216 can be placed in other locations. Forexample, in an embodiment, TDM switching circuitry 216 is located on aseparate card, apart from control card(s) 220.

In an embodiment, each line card 202 a-d can be coupled to four opticaland/or electrical lines. In another embodiment, each line card 202 a-dcan be coupled to eight optical and/or electrical lines. However,embodiments of the present invention are not so limited, as a lesser orgreater number of optical and/or electrical lines can be coupled tonetwork element 102 through line cards 202 a-d. Additionally, physicalconnection circuitry 210 a-d are coupled to ingress packet processingcircuitry 212 a-d, respectively, such that packet data being receivedfrom the optical and/or electrical lines is passed from physicalconnection circuitry 210 a-d to ingress packet processing circuitry 212a-d, respectively. In one embodiment, the packet data is extracted froma TDM signal, which is described in more detail below.

Ingress packet processing circuitry 212 a-d is coupled to packet mesh226. Accordingly, each ingress packet processing circuitry 212 a-d iscoupled to each egress packet processing circuitry 214 a-d,respectively, on line cards 202 a-d through packet mesh 226. Moreover,egress packet processing circuitry 214 a-d is respectively coupled tophysical connection circuitry 210 a-d, such that packet data trafficcoming in from packet mesh 226 from ingress packet processing circuitry212 a-d is transmitted from egress packet processing circuitry 214 a-dto physical connection circuitry 210 a-d, respectively.

Line cards incorporated into embodiments of the present invention arenot limited to those illustrated by line cards 202 a-d. Moreover, thenetwork elements can have different line card configurations from thatshown by line cards 202 a-d. For example, a given in-ring networkelement could be limited to a single line card that can receive andtransmit TDM traffic(which may include packet traffic) within networkring 114, employing multiple interfaces for the receipt and transmittalof TDM traffic. In another embodiment, a given in-ring network elementcan include a first line card to receive TDM traffic (which may includepacket traffic) from another in-ring element, while a second line cardcan transmit TDM traffic to another or same in-ring network element. Inone such embodiment, a third line card can be incorporated into thisgiven in-ring network element to add, drop and transmit different typesof traffic including different types of packet traffic, such as ATM,Frame Relay, IP, etc, received and transmitted to a non-ring networkelement. In another embodiment, a given network element may include asingle line card with multiple interfaces such that a first interfacereceives TDM traffic from another in-ring network element, a secondinterface transmits TDM traffic to another in-ring network element and athird interface adds, drops and transmits traffic, such as packettraffic to a non-ring network element. A network element may beconnected to multiple rings, either using multiple sets of line cards ormultiple interfaces on one set of line cards.

Accordingly, a line card is used either to connect to an in-ring networkelement to form part of the ring, or to provide communication without-of ring network elements. To provide some examples with regard to aline card connected with an out-of-ring network element: 1) layer ⅔traffic from out-of-ring network element can come in, go through thepacket mesh to a line card connected to an in-ring network element, andthen out onto the ring being carried by a SONET frame; 2) layer ⅔traffic coming from an out-of-ring network element can be de-mapped intoSONET, go through the TDM switch fabric to a line card connected to anin-ring network element, and then out onto the ring being carried by aSONET frame; 3) TDM traffic coming from an out-of-ring network elementcan come in, go through the TDM switch fabric to a line card connectedto an in-ring network element, and then out onto the ring being carriedby a SONET frame; 4) TDM traffic coming from an out-of-ring networkelement carrying layer ⅔ traffic can be processed to extract the layer ⅔traffic, with the layer ⅔ traffic going through the packet mesh to aline card connected to an in-ring network element, and then out onto thering carried by a SONET frame; 5) layer ⅔ traffic coming from anout-of-ring network element can go through the packet mesh to a linecard connected to an out-of-ring network element, and then go out of thering being carried by the protocol of the interface of that egress linecard; etc. Traffic flows can be full duplex. Accordingly, for eachexample, there is a corresponding in-ring to out-of-ring capability.

With regard to the TDM traffic, a second switch fabric (in addition topacket mesh 226) is formed among line cards 202 a-d and TDM switchingcircuitry 216 of control cards 220, as illustrated by the dashed linesin FIG. 2. In particular, physical connection circuitry 210 a-d iscoupled to TDM switching circuitry 216 for the receiving andtransmitting of TDM traffic into and out of network element 102.Accordingly, TDM switching circuitry 216 receive TDM traffic fromphysical connection circuitry 21oa-d and switches this traffic to any ofphysical connection circuitry 210 a-d, based on configuration data forthe timeslots of the TDM traffic. For example, TDM switching circuitry216 could be configured such that data within the first ten timeslots ofa TDM signal, such as a SONET/SDH signal, received on a first interfaceof physical connection circuitry 210 a are forwarded out the first tentimeslots of a TDM signal being transmitted out from a first interfaceof physical connection circuitry 210 d.

Operation of Packet Processing Circuitry

FIG. 3 illustrates a block diagram of packet processing circuitry 212a-d/214 a-d (hereinafter “packet processing circuitry 212”), accordingto embodiments of the present invention. As shown, packet processingcircuitry 212 includes preclassification circuitry 302, which is coupledto receive data packets 314 from ports 350. Additionally,preclassification circuitry 302 is coupled to admission controlcircuitry 304. Admission control circuitry 304 is also coupled to memorybuffer 308. Memory buffer 308 is coupled to queue 330, queue 332, queue334 and queue 336. Each of queues 330-336 is coupled to processing unit320, processing unit 322, processing unit 324 and processing unit 326.Additionally, as shown, the number of queues and processing units arenot limited to the four shown in FIG. 3, as a greater or lesser numberof such components can be incorporated into packet processing circuitry212.

Preclassification circuitry 302 is coupled to receive data packets 314from physical connection circuitry 210 for ingress packet processingcircuitry 212 and from packet mesh 226 for egress packet processingcircuitry 214. For the sake of simplicity and not by way of limitation,the block diagram of FIG. 3 illustrates the receipt of data packets froma single transmission line. In particular, embodiments of the presentinvention can include the receipt of a number of data packets from anumber of different ports (either logical or physical) to which a numberof transmission lines can be coupled (as shown by ports 350). Moreover,ports 350 are coupled to transmit data packets 314 to memory buffer 308.

Preclassification circuitry 302 is coupled to transmit data packets 314and priority value 312 and port number 310 to admission controlcircuitry 304. Admission control circuitry 304 includes mapping table360, drop circuitry 362 and queuing circuitry 364. As will be describedin more detail below, mapping table 360 includes a number of admittancegroup identifiers. In an embodiment, upon determining a priority valueand the port for a given packet, admission control circuitry 304traverses mapping table 360 to determine the identification of anadmission group for this packet. In one such embodiment, memory buffer308 can store data packets into a maximum of 128 different admissiongroups. In an embodiment, upon determining a priority value and the portfor a given packet, admission control circuitry 304 traverses mappingtable 360 to determine a queue to associate with the data packet.

As will be described in more detail below, admission control circuitry304 also includes drop circuitry 362 that removes data packets that arestored in memory buffer 308 upon determining that the number of datapackets stored in memory buffer 308 are above a given threshold value(prior to being queued into one of queues 330-336 for processing by oneof processing units 320-326). Admission control circuitry 304 alsoincludes queuing circuitry 362 that controls the queuing of data packetsfrom memory buffer 308 to queues 330-336.

The operation of packet processing circuitry 212 of FIG. 3 will now bedescribed in more detail in conjunction with the flow diagram of FIG. 4.In particular, FIG. 4 illustrates a flow diagram of controllingadmission of data packets into a network element, according toembodiments of the present invention. Method 400 is describes in termsof a single data packet being received on a single transmission line ona single port. This is for sake of simplicity and not by way oflimitation as embodiments of the present invention can process a numberof data packets on a number of transmission lines on a number of ports(both logical and physical). Additionally, method 400 is described interms of the processing of data packets received from sources externalto the network element through physical connection circuitry 210.However, embodiments of the present invention are not so limited, asmethod 400 can process data packets received from packet mesh 226 thatis internal to the network element.

Method 400 commences with the receipt of a portion of a data packet,such as a byte, by preclassification circuitry 302, at process block402. Returning to FIG. 2 to help illustrate, preclassification circuitry302 could receive this portion of the data packet from another networkelement through physical connection circuitry 210. In one embodiment,this portion of the data packet can be received on one of four differentphysical port interfaces. Moreover, in one such embodiment, theseportions of data packets can be received on 32 different logical portinterfaces across the four different physical ports. The number ofphysical and/or logical port interfaces on which the portions of datapackets can be received are by way of example and not by way oflimitation, as a greater or lesser number of such port interfaces can beincorporated into embodiments of the present invention.

Preclassification circuitry 302 determines the priority value for thedata packet, at process block 404. FIG. 5 illustrates a flow diagram fordetermining the priority value for a data packet, according toembodiments of the present invention. Method 500 is described in termsof processing a byte of a data packet. However, embodiments of thepresent invention are not so limited, as other sizes of the data packetcan be received and processed as provided within method 500.

Method 500 of FIG. 5 commences with the receipt of a byte of a datapacket by preclassification circuitry 302, at process block 502. Asdescribed above, this byte of a data packet can be received from anumber of different port interfaces (either physical or logical).Preclassification circuitry 302 applies zero to any number of differentinstruction streams to this byte, at process block 504. In oneembodiment, the number of instruction streams to be applied to a givenbyte of a data packet ranges from 0-4. In particular with regard toprocess block 504, preclassification circuitry 302 applies thoseinstruction streams that are not in a “fail” state, which is describedin more detail below.

FIG. 6 illustrates the processing of bytes of a number of data packetsby a number of instruction streams, according to embodiments of thepresent invention. The number of instruction streams, the number ofinstructions within the instruction streams, the number of packets andthe number of bytes within packets shown in FIG. 6 are for the sake ofsimplicity and not by way of limitation, as they can be a lesser orgreater number of such components within embodiments of the presentinvention.

FIG. 6 includes packets 610 and 614 that include bytes 612A-612I andbytes 616A-6161, respectively. FIG. 6 also includes instruction stream602 and instruction stream 606. In an embodiment, the number ofinstruction streams that can be applied to a byte of a data packet is ina range of zero to four. Instruction stream 602 and instruction stream606 include instructions 604A-6041 and instructions 608A-608I,respectively. In one embodiment, the number of instructions within agiven instruction stream is 16. Instruction streams 602 and 606 can bedifferent types of circuitry and/or logic that represent the differentinstructions included therein.

In an embodiment, each of the instruction streams represent thoseinstructions that assist in identifying whether the byte stream of apacket is of a given packet format. For example, one instruction streamcould represent those instructions to help identify whether the bytestream is an Ethernet packet, while another instruction stream couldrepresent those instructions to help identify whether the byte stream isan Internet Protocol (IP) packet. Other types of standards that could berepresented by an instruction stream include, but are not limited to,Asynchronous Transfer Mode (ATM), voice over IP, Point-to-Point Protocol(PPP) and Multi-Protocol Label Switching (MPLS). As is known in the art,each packet format includes different values in different locationswithin the byte stream of the packet that help identify the packet asbeing of a given format. Accordingly, each instruction in theinstruction stream looks at different bytes within the packet todetermine if the packet is of a given format. For example, the fifthbyte of a packet might have a value that is greater than 20, while the10^(th) byte of the packet might have a value that is less than or equalto 200 for a given format. Therefore, the first instruction for thisinstruction stream would determine whether the fifth byte is greaterthan 20, while a second instruction in the same instruction stream woulddetermine whether the 10^(th) byte of the packet is less than or equalto 200.

To help illustrate, FIG. 7 shows an instruction within an instructionstream to be applied to portions of a data packet, according toembodiments of the present invention. In particular, FIG. 7 illustratesinstruction 700 that represents a format of one of instructions 604A-Iand instructions 608A-I. Instruction 700 includes operation code 702.The types of operation codes that can be included in operation code 702include, but are not limited to, different comparisons (“greater than”,“greater than or equal to”, “equal to”, “less than or equal to”, “lessthan” and “not equal to”) and a match operation code. Offset 704includes a value that represents the offset within the byte stream ofthe data packet where a value is located for processing by instruction700. Additionally, instruction 700 includes comparison value 706 andmask 708. In operation, the value located by offset 704 within the bytestream of the data packet is masked by the value in mask 708 in order tomask out certain bits from this byte stream value. In one embodiment,this masking allows for the normalization across a number of differentpacket formats. This byte stream value that has been masked is thencompared to comparison value 706 using the operation code withinoperation code 702. In an embodiment, a match operation code is employedin the last instruction in a given instruction stream. Accordingly, whenthe byte located at the value stored in offset 704 is received, theinstruction stream is assumed to be matched to this given packet, andthereby considered the last instruction in the instruction stream.

Returning to FIG. 6 to help illustrate, instruction stream 602 could bedetermining if packet 610 were an IP packet. Accordingly, instruction604A of instruction stream 602 could include a “less than” withinoperation code 702, a value of 10 in offset 704, a value of 100 incomparison value 706 and a value of zero in mask 708. Therefore, whenapplying instruction stream 602, when the 10^(th) byte for the packet610 is received (equating to the offset value stored in offset 704), thevalue of this 10^(th) byte is masked with zero and the result comparedto 100 (the value stored in comparison value 706) to determine if thevalue stored in the 10^(th) byte is less than 100.

This application of an instruction within an instruction stream is notlimited to one instruction stream, as any number of instruction streamscould process the given byte within the packet. Returning to the exampleabove to help illustrate, instruction 608B of instruction stream 606could also include a different or same type of comparison for the samebyte (i.e., the 10^(th) byte) within packet 610, as this instructionstream could be determining if the packet were an Ethernet packet. Forexample, instruction 608B could provide an “equal” comparison to itscomparison value 706 for this 10^(th) byte.

As illustrated in FIG. 6, each of the byte streams of packets 610 and614 can be applied to any of instruction streams 602 and 606. Forexample for byte 612B, preclassification circuitry 302 can applyinstruction 604A of instruction stream 602 (which is associated withlocating an Ethernet packet), while also applying instruction 608B ofinstruction stream 606 (which is associated with locating an IP packet).Accordingly, the instructions within any of the number of instructionstreams can be applied to a given byte of a packet. For example, boththe third instruction of instruction stream 602 and the 11^(th)instruction of instruction stream 606 could be applied to byte 616A ofpacket 614 (assuming that byte 616A is not the first byte in thepacket).

Returning to FIG. 5, method 500 continues at process decision block 506wherein preclassification circuitry 302 determines if all of theinstruction streams applied to the byte failed. In particular, aninstruction stream has failed if a comparison within a given instructionfails. For example, if comparison value 706 has a value of 50, operationcode 702 is “less than”, the value stored in the byte identified byoffset 704 is 51 and the mask is zero, the comparison would fail forthis instruction and the instruction stream having this instructionwould be in a “failed” state.

Upon determining that all instructions streams being applied to thegiven packet have failed, preclassification circuitry 302 resets thestates for this data packet, at process block 508 (the states for a datapacket are described in more detail below in conjunction with processblock 510). Additionally, preclassification circuitry 302 assigns adefault priority value based on the port that this packet is beingreceived on, at process block 514. Because all of the instructionstreams have failed, preclassification circuitry 302 is unable todetermine the type for this packet. Therefore, a priority value isassigned depending on which port the packet is being received, asdifferent ports can be assigned different levels of priority.Preclassification circuitry 302 waits for the first byte of the nextpacket in the data stream, at process block 516, and restarts theprocess at process block 502 to determine the type for a packet usingthe instruction streams.

In contrast, upon determining that not all of the instruction streamsbeing applied to the given packet have failed, preclassificationcircuitry 302 determines whether at least one instruction stream issuccessful, at process decision block 518. In one embodiment, thisdetermination is based on the execution of the match operation codeinstruction in the instruction stream. In particular, differentinstruction streams can be applied to a given packet in order todetermine the type (e.g., Ethernet or IP) for the packet. Additionally,each instruction stream could have one to a number of differentinstructions to be applied to various bytes in the packet in order todetermine if the instruction stream is “successful.”

For example, in order to determine whether a packet is an 802.11QEthernet packet with a priority field, five different comparisoninstructions applied to different bytes in the packet may need to beexecuted successfully in order to assure that this is an Ethernetpacket. For other types of packets, a fewer or greater number ofinstructions may be need to be applied to the different bytes in thepacket. Therefore, in an embodiment, even though preclassificationcircuitry 302 may have only one instruction stream left that has notfailed, the required number of instructions for this instruction streamwill still be executed to ensure the type for the packet.

Upon determining that at least one instruction stream is successful,preclassification circuitry 302 determines the priority value for thispacket based on the type of data packet, at process block 520. Inparticular, preclassification circuitry 302 is able to locate a priorityvalue that is stored within the data packet based on its type. Forexample, in one embodiment, the priority value could be stored in byte50 for a given type of packet, while being stored in byte 62 for adifferent type of packet. Accordingly, in one embodiment, the byteswithin the data packets that the different instruction streams areprocessing are before the byte(s) that store the priority value.Preclassification circuitry 302 waits for the first byte of the nextpacket in the data stream, at process block 516, and restarts theprocess at process block 502 to determine the type for a packet usingthe instruction streams.

Upon determining that no instruction stream is successful,preclassification circuitry 302 updates the state for this packet, atprocess block 510. Among other information, the state for a given packetcan include the status (such as “fail”) of each instruction stream beingapplied to the given packet as well as those instructions that have beenapplied to the given packet and the results thereof for each of thedifferent instruction streams.

In one embodiment, preclassification circuitry 302 stores 32 differentstates for 32 different packets that are being received and processed.In one such embodiment, preclassification circuitry 302 receives packetsfrom 4 different physical ports such that a given port receives datathat includes byte streams from 8 different packets that are beingmultiplexed together and processed accordingly. In one such embodiment,therefore, preclassification circuitry could receive the first 32 bytesof a first packet, followed by the first 32 bytes of a second packet andcontinues until the first 32 bytes of the eighth packet have beenreceived and then begin receiving the second 32 bytes of the firstpacket and continues processing accordingly. Therefore,preclassification circuitry 302 can store and update a state for anumber of different packets.

At process block 512, preclassification circuitry 302 receives the nextbyte in the data packet, and applies those instruction streams that arenot in a “fail” state to the byte, at process block 504. As illustrated,this process continues until the data packet is identified and thepriority value is located in the packet or until all of the instructionstreams for this data packet have failed and a default value is assignedfor the priority value. As illustrated, embodiments of preclassificationcircuitry 302 are able to identify the types of data packets beingreceived on its different port interfaces independent of branch logicand circuitry, as the different instruction streams are able to identifysuch types with those failing instruction streams being discarded as thebytes of the packets are processed by the different instructions inthese instruction streams.

Returning to FIG. 4, after determining the priority value for the datapacket, at process block 404, preclassification circuitry 302 transmitsthis priority value to admission control circuitry 304. Additionally,admission control circuitry 304 receives port number 310, which is thenumber of the port that this data packet is received from, at processblock 406. In one embodiment, port number 310 is received frompreclassification circuitry 302. In other embodiments, port number 310is received from other circuitry, logic or other sources (not shown).

In an embodiment, upon determining a priority value and the port for agiven packet, admission control circuitry 304 traverses mapping table360 to determine the identification of an admission group for thispacket (i.e., an admittance group identifier), at process block 407. Inone such embodiment, memory buffer 308 can store data packets into amaximum of 128 different admission groups. In an embodiment, upondetermining a priority value and the port for a given packet, admissioncontrol circuitry 304 traverses the look-up table in memory attachedthereto (not shown) to determine a queue to associate with the datapacket.

Admission control circuitry 304 determines how many data packets storedin memory buffer 308 have the admittance group identifier that this datapacket has, at process block 408. In one embodiment, admission controlcircuitry 304 queries memory buffer 308 to determine the number of datapackets having this admittance group identifier. In another embodiment,admission control circuitry 304 stores this information in local memory(not shown).

Additionally, admission control circuitry 304 determines whether thenumber of data packets within memory buffer 308 having this admittancegroup identifier is above a threshold value. For example, in oneembodiment, the components of packet processing circuitry 212 can beprovisioned to only allow for the storage of 50 data packets (thethreshold value) from admittance group ‘one’ into memory buffer 308.

Upon determining that storing this data packet into memory buffer 308would cause the total number of data packets having this admittancegroup identifier to exceed a given threshold within memory buffer 308,drop circuitry 362 discards the data packet, at process block 412.Conversely, upon determining that storing this data packet into memorybuffer 308 would not cause the total number of data packets having thiscombination of port number and priority value to exceed a giventhreshold within memory buffer 308, admission control circuitry 304keeps the data packet stored in memory buffer 308, at process block 414.

In an embodiment, queuing circuitry 364 queues pointers to the datapackets stored in memory buffer 308 into queues 330-336, depending onthe queue associated with the given data packets. Processing units320-326 shown in FIG. 3 extract and process the data packets stored inmemory buffer 308 out from packet processing circuitry 212. Returning toFIG. 2 to help illustrate, for data packets being outputted from networkelements 102-108 to, for example, another network element, these datapackets can be outputted from egress packet processing circuitry 214 tophysical connection circuitry 210. Additionally, for data packets beingoutputted to another line card through packet mesh 226, these datapackets can be outputted from ingress packet processing circuitry 212 topacket mesh 226.

In an embodiment, processing units 320-326 can selectively process datapackets stored in memory buffer 308, using queues 330-336. For example,processing units 320-326 could process all of the data packets from agiven queue until this queue is empty and then process data packets fromthe other queues while the first queue remains empty. In anotherembodiment, processing units 320-326 could process a selected number ofpackets from a first queue and then process a selected number of packetsfrom a second queue. For example, processing unit 320 could beprogrammed to process 15 data packets from queue 330 and then process 5packets from queue 334, thereby processing the data packets in queues330 and 336 in a round robin operation. The above examples of selectiveprocessing by processing units 320-326 is by way of example and not byway of limitation, as other types of selective processing can beincorporated into embodiments of the present invention.

Embodiments of the present invention describe the controlling of theadmission of data packets into memory buffer 308 based on a priorityvalue and the port number for a data packet. However, embodiments of thepresent invention are not so limited. For example, in anotherembodiment, this decision can be based on only the priority value forthe data packet. Alternatively, in an embodiment, this decision can bebased on only the port number for data packet. Other embodiments of thepresent invention can look to other criteria in reference to theincoming data packets to determine whether to store these data packetsinto memory buffer 308. For example, in another embodiment, the decisioncould be based on the source and/or destination of the data packet.

The line cards and control cards included in the different networkelements include memories, processors and/or Application SpecificIntegrated Circuits (ASICs). Such memory includes a machine-readablemedium on which is stored a set of instructions (i.e., software)embodying any one, or all, of the methodologies described herein.Software can reside, completely or at least partially, within thismemory and/or within the processor and/or ASICs. For the purposes ofthis specification, the term “machine-readable medium” shall be taken toinclude any mechanism that provides (i.e., stores and/or transmits)information in a form readable by a machine (e.g., a computer). Forexample, a machine-readable medium includes read only memory (ROM);random access memory (RAM); magnetic disk storage media; optical storagemedia; flash memory devices; electrical, optical, acoustical or otherform of propagated signals (e.g., carrier waves, infrared signals,digital signals, etc.); etc.

Embodiments of the present invention were described in terms of discreteprocessing elements, such as physical connection circuitry 210 oringress packet processing circuitry 212, performing certain operations.However, this is by way of example and not by way of limitation. Forexample, in other embodiments, the operations described herein can beincorporated into a single processing element. In other embodiments,operations in one processing element may be performed in another of thedescribed processing elements.

Thus, a method and apparatus for controlling the admission of datapackets into a network element have been described. Although the presentinvention has been described with reference to specific exemplaryembodiments, it will be evident that various modifications and changesmay be made to these embodiments without departing from the broaderspirit and scope of the invention. Accordingly, the specification anddrawings are to be regarded in an illustrative rather than a restrictivesense.

1. A method for controlling admittance of a data packet into a memorybuffer, the method comprising: performing, prior to queuing the datapacket for routing by a processor, the following: receiving a datapacket from one of at least two different ports; determining a priorityvalue within the data packet; and determining an admittance groupidentifier for the data packet based on the priority value and the portthe data packet was received; and queuing the data packet from thememory buffer to one of a number of queues for routing by the processorupon determining that a number of data packets stored in the memorybuffer and having the admittance group identifier is not greater than athreshold value. 2-40. (canceled)